TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / 6e02acf3aebffa06a4c616380b1acadb0704f501 / . / components / service / attestation / provider / attest_provider.c
blob: a658ac2318fa82398a6d22b012732e56b7c97323 [file] [log] [blame]
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]1/*
Julian Hall6e02acf2022-02-22 16:25:03 +0000[diff] [blame^]2 * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6#include <stdlib.h>
7#include <string.h>
8#include <protocols/service/attestation/packed-c/opcodes.h>
9#include <protocols/rpc/common/packed-c/status.h>
10#include <service/attestation/key_mngr/attest_key_mngr.h>
11#include <service/attestation/reporter/attest_report.h>
12#include <psa/initial_attestation.h>
13#include "attest_provider.h"
14
15/* Service request handlers */
16static rpc_status_t get_token_handler(void *context, struct call_req* req);
17static rpc_status_t get_token_size_handler(void *context, struct call_req* req);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]18static rpc_status_t export_iak_public_key_handler(void *context, struct call_req* req);
19static rpc_status_t import_iak_handler(void *context, struct call_req* req);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]20static rpc_status_t iak_exists_handler(void *context, struct call_req* req);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]21
22/* Handler mapping table for service */
23static const struct service_handler handler_table[] = {
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]24 {TS_ATTESTATION_OPCODE_GET_TOKEN, get_token_handler},
25 {TS_ATTESTATION_OPCODE_GET_TOKEN_SIZE, get_token_size_handler},
26 {TS_ATTESTATION_OPCODE_EXPORT_IAK_PUBLIC_KEY, export_iak_public_key_handler},
27 {TS_ATTESTATION_OPCODE_IMPORT_IAK, import_iak_handler},
28 {TS_ATTESTATION_OPCODE_IAK_EXISTS, iak_exists_handler}
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]29};
30
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]31struct rpc_interface *attest_provider_init(struct attest_provider *context)
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]32{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]33 struct rpc_interface *rpc_interface = NULL;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]34
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]35 if (context) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]36
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]37 for (size_t encoding = 0; encoding < TS_RPC_ENCODING_LIMIT; ++encoding)
38 context->serializers[encoding] = NULL;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]39
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]40 service_provider_init(&context->base_provider, context,
41 handler_table, sizeof(handler_table)/sizeof(struct service_handler));
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]42
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]43 rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
44 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]45
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]46 return rpc_interface;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]47}
48
49void attest_provider_deinit(struct attest_provider *context)
50{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]51 (void)context;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]52}
53
54void attest_provider_register_serializer(struct attest_provider *context,
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]55 unsigned int encoding, const struct attest_provider_serializer *serializer)
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]56{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]57 if (encoding < TS_RPC_ENCODING_LIMIT)
58 context->serializers[encoding] = serializer;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]59}
60
61static const struct attest_provider_serializer *get_attest_serializer(
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]62 struct attest_provider *context, const struct call_req *req)
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]63{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]64 const struct attest_provider_serializer *serializer = NULL;
65 unsigned int encoding = call_req_get_encoding(req);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]66
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]67 if (encoding < TS_RPC_ENCODING_LIMIT) serializer = context->serializers[encoding];
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]68
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]69 return serializer;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]70}
71
72static rpc_status_t get_token_handler(void *context, struct call_req* req)
73{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]74 struct attest_provider *this_instance = (struct attest_provider*)context;
75 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]76
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]77 uint8_t challenge[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64];
78 size_t challenge_len = sizeof(challenge);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]79
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]80 struct call_param_buf *req_buf = call_req_get_req_buf(req);
81 const struct attest_provider_serializer *serializer = get_attest_serializer(this_instance, req);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]82
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]83 if (serializer)
84 rpc_status = serializer->deserialize_get_token_req(req_buf, challenge, &challenge_len);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]85
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]86 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]87
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]88 const uint8_t *token = NULL;
89 size_t token_size = 0;
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]90
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]91 rpc_opstatus_t opstatus = attest_report_create((int32_t)call_req_get_caller_id(req),
92 challenge, challenge_len,
93 &token, &token_size);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]94
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]95 if (opstatus == PSA_SUCCESS) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]96
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]97 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
98 rpc_status = serializer->serialize_get_token_resp(resp_buf, token, token_size);
99 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]100
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]101 attest_report_destroy(token);
102 call_req_set_opstatus(req, opstatus);
103 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]104
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]105 return rpc_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]106}
107
108static rpc_status_t get_token_size_handler(void *context, struct call_req* req)
109{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]110 struct attest_provider *this_instance = (struct attest_provider*)context;
111 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]112
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]113 uint8_t challenge[PSA_INITIAL_ATTEST_CHALLENGE_SIZE_64];
114 size_t challenge_len = sizeof(challenge);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]115
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]116 struct call_param_buf *req_buf = call_req_get_req_buf(req);
117 const struct attest_provider_serializer *serializer = get_attest_serializer(this_instance, req);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]118
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]119 memset(challenge, 0, sizeof(challenge));
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]120
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]121 if (serializer)
122 rpc_status = serializer->deserialize_get_token_size_req(req_buf, &challenge_len);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]123
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]124 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]125
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]126 const uint8_t *token = NULL;
127 size_t token_size = 0;
Julian Hall644b57a2021-06-30 08:45:19 +0100[diff] [blame]128
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]129 rpc_opstatus_t opstatus = attest_report_create((int32_t)call_req_get_caller_id(req),
130 challenge, challenge_len,
131 &token, &token_size);
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]132
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]133 if (opstatus == PSA_SUCCESS) {
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]134
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]135 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
136 rpc_status = serializer->serialize_get_token_size_resp(resp_buf, token_size);
137 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]138
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]139 attest_report_destroy(token);
140 call_req_set_opstatus(req, opstatus);
141 }
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]142
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]143 return rpc_status;
Julian Hall700aa362021-05-13 15:30:39 +0100[diff] [blame]144}
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]145
146static rpc_status_t export_iak_public_key_handler(void *context, struct call_req* req)
147{
Julian Hall6e02acf2022-02-22 16:25:03 +0000[diff] [blame^]148 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
149 const struct attest_provider_serializer *serializer = get_attest_serializer(context, req);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]150
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]151 if (serializer) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]152
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]153 size_t max_key_size = attest_key_mngr_max_iak_export_size();
154 uint8_t *key_buffer = malloc(max_key_size);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]155
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]156 if (key_buffer) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]157
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]158 size_t export_size = 0;
159 rpc_opstatus_t opstatus =
160 attest_key_mngr_export_iak_public_key(key_buffer, max_key_size, &export_size);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]161
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]162 rpc_status = TS_RPC_CALL_ACCEPTED;
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]163
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]164 if (opstatus == PSA_SUCCESS) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]165
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]166 struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
167 rpc_status =
168 serializer->serialize_export_iak_public_key_resp(resp_buf,
169 key_buffer, export_size);
170 }
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]171
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]172 free(key_buffer);
173 call_req_set_opstatus(req, opstatus);
174 }
175 else {
176 /* Failed to allocate key buffer */
177 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
178 }
179 }
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]180
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]181 return rpc_status;
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]182}
183
184static rpc_status_t import_iak_handler(void *context, struct call_req* req)
185{
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]186 rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
187 struct call_param_buf *req_buf = call_req_get_req_buf(req);
188 const struct attest_provider_serializer *serializer = get_attest_serializer(context, req);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]189
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]190 if (serializer) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]191
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]192 size_t key_data_len = attest_key_mngr_max_iak_import_size();
193 uint8_t *key_buffer = malloc(key_data_len);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]194
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]195 if (key_buffer) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]196
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]197 rpc_status =
198 serializer->deserialize_import_iak_req(req_buf, key_buffer, &key_data_len);
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]199
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]200 if (rpc_status == TS_RPC_CALL_ACCEPTED) {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]201
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]202 rpc_opstatus_t opstatus;
203 opstatus = attest_key_mngr_import_iak(key_buffer, key_data_len);
204 call_req_set_opstatus(req, opstatus);
205 }
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]206
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]207 free(key_buffer);
208 }
209 else {
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]210
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]211 rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
212 }
213 }
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]214
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]215 return rpc_status;
Julian Hall482fd2f2021-05-17 16:34:48 +0100[diff] [blame]216}
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]217
218static rpc_status_t iak_exists_handler(void *context, struct call_req* req)
219{
Julian Hall6e02acf2022-02-22 16:25:03 +0000[diff] [blame^]220 (void)context;
221
222 rpc_opstatus_t opstatus = PSA_ERROR_DOES_NOT_EXIST;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]223
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]224 if (attest_key_mngr_iak_exists()) {
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]225
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]226 opstatus = PSA_SUCCESS;
227 }
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]228
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]229 call_req_set_opstatus(req, opstatus);
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]230
Julian Hall5a2e5782021-12-09 17:10:44 +0000[diff] [blame]231 return TS_RPC_CALL_ACCEPTED;
Julian Hallcaa4af82021-05-19 12:02:36 +0100[diff] [blame]232}